trac#358: OVAL generator element exported by OpenSCAP shall include <ova... #22
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…oval:product_version> element.
isimluk
added a commit
that referenced
this pull request
Nov 4, 2014
trac#358: OVAL generator element exported by OpenSCAP shall include <ova...
maage
added a commit
to maage/openscap
that referenced
this pull request
Sep 4, 2022
libxml2 does use <= when comparing nodeNr and 0. node line depends on node type, we need to use function to find it. See: https://github.com/tenderlove/libxml2/blob/ecb5d5afdc8acceba608524f6e98c361fd2ce0e9/tree.c#L4507 253/265 Test: probes/xmlfilecontent/test_xmlfilecontent_probe.sh Command: "/builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/tests/probes/xmlfilecontent/test_xmlfilecontent_probe.sh" Directory: /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/redhat-linux-build/tests/probes/xmlfilecontent "probes/xmlfilecontent/test_xmlfilecontent_probe.sh" start time: Sep 04 20:13 EEST Output: ---------------------------------------------------------- ================================================================= ==866168==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6080003efd90 at pc 0x7fdbf2623c59 bp 0x7fdbe7ab8430 sp 0x7fdbe7ab8428 READ of size 2 at 0x6080003efd90 thread T8 #0 0x7fdbf2623c58 in process_file.isra.0 /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/independent/xm lfilecontent_probe.c:307 OpenSCAP#1 0x7fdbf25dba5a in xmlfilecontent_probe_main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/independ ent/xmlfilecontent_probe.c:397 OpenSCAP#2 0x7fdbf25c2087 in probe_worker /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/worker.c:1114 OpenSCAP#3 0x7fdbf25bc44f in probe_worker_runfn /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/worker.c: 97 OpenSCAP#4 0x7fdbf208ce2c in start_thread (/lib64/libc.so.6+0x8ce2c) OpenSCAP#5 0x7fdbf21121af in clone3 (/lib64/libc.so.6+0x1121af) 0x6080003efd90 is located 16 bytes to the right of 96-byte region [0x6080003efd20,0x6080003efd80) allocated by thread T8 here: #0 0x7fdbf28ba68f in __interceptor_malloc (/lib64/libasan.so.8+0xba68f) OpenSCAP#1 0x7fdbf22cdb63 in xmlNewPropInternal.lto_priv.0 (/lib64/libxml2.so.2+0x57b63) Thread T8 created by T7 here: #0 0x7fdbf284b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6) OpenSCAP#1 0x7fdbf25bf673 in probe_input_handler /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/input_handler.c:183 OpenSCAP#2 0x7fdbf208ce2c in start_thread (/lib64/libc.so.6+0x8ce2c) Thread T7 created by T5 here: #0 0x7fdbf284b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6) OpenSCAP#1 0x7fdbf25be1d0 in probe_common_main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/probe_main.c:256 OpenSCAP#2 0x7fdbf208ce2c in start_thread (/lib64/libc.so.6+0x8ce2c) Thread T5 created by T0 here: #0 0x7fdbf284b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6) OpenSCAP#1 0x7fdbf253b6a0 in sch_queue_connect /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/SEAP/sch_queue.c:62 OpenSCAP#2 0x7fdbf253b6a0 in SEAP_connect /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/SEAP/seap.c:116 OpenSCAP#3 0x7fdbf253b6a0 in oval_probe_comm /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe_ext.c:443 OpenSCAP#4 0x7fdbf2543e1d in oval_probe_ext_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe_ext.c:980 OpenSCAP#5 0x7fdbf2543e1d in oval_probe_ext_handler /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe_ext.c:858 OpenSCAP#6 0x7fdbf2545af4 in oval_probe_query_object /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe.c:156 OpenSCAP#7 0x7fdbf255bf83 in oval_probe_query_test /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe.c:257 OpenSCAP#8 0x7fdbf255bf83 in _oval_result_test_result /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultTest.c:1031 OpenSCAP#9 0x7fdbf255bf83 in oval_result_test_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultTest.c:1152 OpenSCAP#10 0x7fdbf255c67f in _oval_result_criteria_node_result /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:367 OpenSCAP#11 0x7fdbf255c67f in oval_result_criteria_node_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:390 OpenSCAP#12 0x7fdbf255c61c in _oval_result_criteria_node_result /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:358 OpenSCAP#13 0x7fdbf255c61c in oval_result_criteria_node_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:390 OpenSCAP#14 0x7fdbf255c835 in oval_result_definition_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultDefinition.c:165 OpenSCAP#15 0x7fdbf255cae8 in oval_result_system_eval_definition /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultSystem.c:373 OpenSCAP#16 0x7fdbf2502951 in oval_agent_eval_system /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_agent.c:286 OpenSCAP#17 0x7fdbf250ac0b in oval_session_evaluate /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_session.c:372 OpenSCAP#18 0x55cf5fd8b858 in app_evaluate_oval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap-oval.c:360 OpenSCAP#19 0x55cf5fd94b86 in oscap_module_call /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap-tool.c:295 OpenSCAP#20 0x55cf5fd94b86 in oscap_module_process /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap-tool.c:389 OpenSCAP#21 0x55cf5fd81d4e in main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap.c:88 OpenSCAP#22 0x7fdbf202954f in __libc_start_call_main (/lib64/libc.so.6+0x2954f) SUMMARY: AddressSanitizer: heap-buffer-overflow /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/independent/xmlfilecontent_probe.c:307 in process_file.isra.0 Shadow bytes around the buggy address: 0x0c1080075f60: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075f70: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075f80: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075f90: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fa0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c1080075fb0: fa fa[fa]fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fc0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fd0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fe0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075ff0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00 0x0c1080076000: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==866168==ABORTING
maage
added a commit
to maage/openscap
that referenced
this pull request
Sep 12, 2022
libxml2 does use <= when comparing nodeNr and 0. node line depends on node type, we need to use function to find it. See: https://github.com/tenderlove/libxml2/blob/ecb5d5afdc8acceba608524f6e98c361fd2ce0e9/tree.c#L4507 253/265 Test: probes/xmlfilecontent/test_xmlfilecontent_probe.sh Command: "/builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/tests/probes/xmlfilecontent/test_xmlfilecontent_probe.sh" Directory: /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/redhat-linux-build/tests/probes/xmlfilecontent "probes/xmlfilecontent/test_xmlfilecontent_probe.sh" start time: Sep 04 20:13 EEST Output: ---------------------------------------------------------- ================================================================= ==866168==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6080003efd90 at pc 0x7fdbf2623c59 bp 0x7fdbe7ab8430 sp 0x7fdbe7ab8428 READ of size 2 at 0x6080003efd90 thread T8 #0 0x7fdbf2623c58 in process_file.isra.0 /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/independent/xm lfilecontent_probe.c:307 OpenSCAP#1 0x7fdbf25dba5a in xmlfilecontent_probe_main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/independ ent/xmlfilecontent_probe.c:397 OpenSCAP#2 0x7fdbf25c2087 in probe_worker /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/worker.c:1114 OpenSCAP#3 0x7fdbf25bc44f in probe_worker_runfn /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/worker.c: 97 OpenSCAP#4 0x7fdbf208ce2c in start_thread (/lib64/libc.so.6+0x8ce2c) OpenSCAP#5 0x7fdbf21121af in clone3 (/lib64/libc.so.6+0x1121af) 0x6080003efd90 is located 16 bytes to the right of 96-byte region [0x6080003efd20,0x6080003efd80) allocated by thread T8 here: #0 0x7fdbf28ba68f in __interceptor_malloc (/lib64/libasan.so.8+0xba68f) OpenSCAP#1 0x7fdbf22cdb63 in xmlNewPropInternal.lto_priv.0 (/lib64/libxml2.so.2+0x57b63) Thread T8 created by T7 here: #0 0x7fdbf284b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6) OpenSCAP#1 0x7fdbf25bf673 in probe_input_handler /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/input_handler.c:183 OpenSCAP#2 0x7fdbf208ce2c in start_thread (/lib64/libc.so.6+0x8ce2c) Thread T7 created by T5 here: #0 0x7fdbf284b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6) OpenSCAP#1 0x7fdbf25be1d0 in probe_common_main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/probe/probe_main.c:256 OpenSCAP#2 0x7fdbf208ce2c in start_thread (/lib64/libc.so.6+0x8ce2c) Thread T5 created by T0 here: #0 0x7fdbf284b3e6 in __interceptor_pthread_create (/lib64/libasan.so.8+0x4b3e6) OpenSCAP#1 0x7fdbf253b6a0 in sch_queue_connect /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/SEAP/sch_queue.c:62 OpenSCAP#2 0x7fdbf253b6a0 in SEAP_connect /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/SEAP/seap.c:116 OpenSCAP#3 0x7fdbf253b6a0 in oval_probe_comm /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe_ext.c:443 OpenSCAP#4 0x7fdbf2543e1d in oval_probe_ext_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe_ext.c:980 OpenSCAP#5 0x7fdbf2543e1d in oval_probe_ext_handler /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe_ext.c:858 OpenSCAP#6 0x7fdbf2545af4 in oval_probe_query_object /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe.c:156 OpenSCAP#7 0x7fdbf255bf83 in oval_probe_query_test /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_probe.c:257 OpenSCAP#8 0x7fdbf255bf83 in _oval_result_test_result /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultTest.c:1031 OpenSCAP#9 0x7fdbf255bf83 in oval_result_test_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultTest.c:1152 OpenSCAP#10 0x7fdbf255c67f in _oval_result_criteria_node_result /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:367 OpenSCAP#11 0x7fdbf255c67f in oval_result_criteria_node_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:390 OpenSCAP#12 0x7fdbf255c61c in _oval_result_criteria_node_result /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:358 OpenSCAP#13 0x7fdbf255c61c in oval_result_criteria_node_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultCriteriaNode.c:390 OpenSCAP#14 0x7fdbf255c835 in oval_result_definition_eval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultDefinition.c:165 OpenSCAP#15 0x7fdbf255cae8 in oval_result_system_eval_definition /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/results/oval_resultSystem.c:373 OpenSCAP#16 0x7fdbf2502951 in oval_agent_eval_system /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_agent.c:286 OpenSCAP#17 0x7fdbf250ac0b in oval_session_evaluate /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/oval_session.c:372 OpenSCAP#18 0x55cf5fd8b858 in app_evaluate_oval /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap-oval.c:360 OpenSCAP#19 0x55cf5fd94b86 in oscap_module_call /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap-tool.c:295 OpenSCAP#20 0x55cf5fd94b86 in oscap_module_process /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap-tool.c:389 OpenSCAP#21 0x55cf5fd81d4e in main /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/utils/oscap.c:88 OpenSCAP#22 0x7fdbf202954f in __libc_start_call_main (/lib64/libc.so.6+0x2954f) SUMMARY: AddressSanitizer: heap-buffer-overflow /builddir/build/BUILD/openscap-f81da4bd66dbe528ffa6be16aca36b93f3eec0a5/src/OVAL/probes/independent/xmlfilecontent_probe.c:307 in process_file.isra.0 Shadow bytes around the buggy address: 0x0c1080075f60: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075f70: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075f80: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075f90: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fa0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c1080075fb0: fa fa[fa]fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fc0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fd0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075fe0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1080075ff0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00 0x0c1080076000: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==866168==ABORTING
This pull request was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
...l:product_version> element.